LDAP:Solaris client + redhat openldap server

zyclonb198125

用ldapclient在solaris上起了客户端以后，ldap_cachmgr工作正常，用ldaplist和ldapsearch命令也可以得到正确得服务器上得信息。使用getent passwd也可以正确返回server得passwd file，但是不能使用服务器上得帐号登陆客户机。我在客户机得/etc/shadow里面手工添加一个帐号以后，再用它来登陆就可以正常登陆（使用客户机上shadow里面得password），再用id命令，可以得到与服务器上完全一致得帐号信息。可见是客户机没有得到服务器上得帐号得密码，也就是shadow这个文件没有共享成功。兄弟们有遇到过这个问题嘛？怎么处理得？谢谢。下面是我ldapclient list得信息：\r\nNS_LDAP_FILE_VERSION= 2.0\r\nNS_LDAP_BINDDN= cn=proxyuser,dc=ws,dc=c-sky,dc=com\r\nNS_LDAP_BINDPASSWD= {NS1}4a3788e8\r\nNS_LDAP_SERVERS= 192.168.0.21\r\nNS_LDAP_SEARCH_BASEDN= dc=ws,dc=c-sky,dc=com\r\nNS_LDAP_AUTH= simple\r\nNS_LDAP_SERVICE_SEARCH_DESC= passswdu=People,dc=ws,dc=c-sky,dc=com?one\r\n\r\n下面是服务器上得slapd.conf\r\n\r\ninclude         /etc/openldap/schema/core.schema\r\ninclude         /etc/openldap/schema/cosine.schema\r\ninclude         /etc/openldap/schema/inetorgperson.schema\r\ninclude         /etc/openldap/schema/nis.schema\r\ninclude         /etc/openldap/schema/solaris.schema\r\ninclude         /etc/openldap/schema/redhat/autofs.schema\r\ninclude         /etc/openldap/schema/redhat/kerberosobject.schema\r\n\r\naccess to attr=userPassword\r\n        by dn=\"cn=Manager,dc=ws,dc=c-sky,dc=com\" write\r\n        by dn=\"cn=proxyuser,dc=ws,dc=c-sky,dc=com\" read\r\n        by self write\r\n        by anonymous auth\r\n        by * none\r\n\r\naccess to *\r\n        by dn=\"cn=Manager,dc=ws,dc=c-sky,dc=com\" write\r\n        by * read\r\n\r\naccess to *\r\n        by self write\r\n        by * read\r\n\r\ndatabase        ldbm\r\nsuffix          \"dc=ws,dc=c-sky,dc=com\"\r\n#suffix         \"o=My Organization Name,c=US\"\r\nrootdn          \"cn=Manager,dc=ws,dc=c-sky,dc=com\"\r\n#rootdn         \"cn=Manager,o=My Organization Name,c=US\"\r\n# Cleartext passwords, especially for the rootdn, should\r\n# be avoided.  See slappasswd( and slapd.conf(5) for details.\r\n# Use of strong authentication encouraged.\r\n# rootpw                secret\r\n# rootpw                {crypt}ijFYNcSNctBYg\r\nrootpw {MD5}xxxxxxxx\r\n# The database directory MUST exist prior to running slapd AND \r\n# should only be accessible by the slapd/tools. Mode 700 recommended.\r\ndirectory       /var/lib/ldap\r\n# Indices to maintain\r\nindex   objectClass,uid,uidNumber,gidNumber,memberUid   eq\r\nindex   cn,mail,surname,givenname                       eq,subinitial\r\n\r\npassword-hash

zyclonb198125

大侠们指点迷津啊，急！

gary_tay88

Wish you may find my HOW-TO useful.\r\n\r\nhttp://web.singnet.com.sg/~garyttt/\r\n\r\nGary

ga0feng

嗨，哥们，那个《Deploying Solaris Native LDAP Client by using automated scripts》咋就啥都没有？

gary_tay88

Like Arnold used to say in \"Terminator\"\r\n\r\n\"I will be back\"\r\n\r\nGary

gary_tay88

Post your question to the forum, in Chinese (I understand it very well) or English.\r\n\r\nUnfortunately I would only reply in English as my Chinese Input skill is really lousy.\r\n\r\nAnd please be patient for the reply as I am not always available.\r\n\r\nGary\r\n郑澄泽